Configure an ACL policy on a Huawei switch to restrict VLAN 101 from accessing 192.168.0.0/16 and 172.30.0.0/16
Brief introduction to ACLs:
Basic ACL: 2000-2999, filters by source IP address;
Advanced ACL: 3000-3999, filters by source and destination IP address and source and destination port;
Layer 2 ACL: 4000-4999, filters by source and destination MAC address, etc.
Log in to the switch and enter the configuration mode:
[SW-Core]acl number 3001
[SW-Core-acl-adv-3001]rule 10 deny ip source 172.30.102.0 0.0.0.255 destination 172.30.0.0 0.0.255.255
[SW-Core-acl-adv-3001]rule 20 deny ip source 172.30.102.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
[SW-Core]traffic classifier 3001 operator and
[SW-Core-classifier-3001]if-match acl 3001
[SW-Core]traffic behavior 3001
[SW-Core-behavior-3001]permit
[SW-Core]traffic policy 3001 match-order config
[SW-Core-trafficpolicy-3001]classifier 3001 behavior 3001
Enter the VLAN configuration view:
[SW-Core]vlan 102
[SW-Core-vlan102]traffic-policy 3001 inbound
The ACL policy is now configured, but one problem is that the VLAN can still access the gateway IP address.
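To check on paper which source/destination pairs ACL 3001 selects, the following Python code (an added example, not part of the original page and not Huawei tooling) parses the two rule lines above and evaluates their wildcard masks in ascending rule ID. The sample addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Rules of ACL 3001 as entered on the page.
ACL_3001 = """\
rule 10 deny ip source 172.30.102.0 0.0.0.255 destination 172.30.0.0 0.0.255.255
rule 20 deny ip source 172.30.102.0 0.0.0.255 destination 192.168.0.0 0.0.255.255
"""

RULE_RE = re.compile(
    r"rule (\d+) (permit|deny) ip source (\S+) (\S+) destination (\S+) (\S+)")


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def parse_acl(text):
    """Parse rule lines into tuples sorted by rule ID (assumed match order)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if m:
            rid, action, *addrs = m.groups()
            rules.append((int(rid), action, *map(_to_int, addrs)))
    return sorted(rules)


def _wild_match(addr, base, wildcard):
    # Wildcard mask semantics: a 0 bit must match, a 1 bit is ignored.
    care = ~wildcard & 0xFFFFFFFF
    return (addr & care) == (base & care)


def evaluate(rules, src, dst):
    """Return (rule_id, action) of the first matching rule, else (None, 'no-match')."""
    s, d = _to_int(src), _to_int(dst)
    for rid, action, sb, sw, db, dw in rules:
        if _wild_match(s, sb, sw) and _wild_match(d, db, dw):
            return rid, action
    return None, "no-match"


if __name__ == "__main__":
    rules = parse_acl(ACL_3001)
    # Constructed sample flows (addresses are illustrative assumptions).
    for src, dst in [("172.30.102.25", "172.30.5.10"), ("172.30.102.25", "192.168.1.1"),
                     ("172.30.102.25", "172.30.102.1"), ("172.30.101.25", "192.168.1.1")]:
        print(src, "->", dst, evaluate(rules, src, dst))
```

The third flow stays inside 172.30.102.0/24 yet matches rule 10, because the destination 172.30.0.0 0.0.255.255 also covers the source subnet. The fourth shows that sources outside 172.30.102.0/24 are not selected by either rule.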